Facebook Ads Steal Credit Card Information

On April 17, 2024, specialists from Recorded Future discovered a fraudulent campaign with Chinese origins that had targeted Facebook users. They named it Eriakos after the content delivery network (CDN) oss.eriakos[.]com that scammers used in most cases.

In brief, scammers created a selection of fake shopping websites that impersonate well-known brands and advertised them through Facebook ads. These sites lure people into buying from them by offering huge discounts (53%, 75%, etc.) that are available for a limited time. Additionally, scammers use different tricks to bypass automated detection systems to avoid being blocked.

The final goal of this scam is to steal confidential data, particularly payment information. As it usually goes for delivery orders, the user should specify their delivery address, postal code, phone number, email, and real name. And as the site is controlled by cybercriminals, they’ve managed to gather all the sensitive data input in a rather easy manner. To top this all up, the payment is also done on the same scam page, so all the bank card data will get to the frauds, too.

Eriakos Facebook Ads Scam Details

Researchers discovered a total of 608 fraudulent websites that imitated popular brands. The scammers used several tricks, which we will discuss further, to avoid detection and continue their malicious activities.

Social Engineering

This classic tactic in online fraud aims to prevent the victim from taking time to think. The fraudulent site uses a countdown timer with text like “Time left for the sale: xx:xx”, which resets upon refreshing the page. This advertisement also includes “reviews from people” who supposedly bought the product. In reality, these reviews are fake and serve to lull the victim into a false sense of security.

Detection Avoidance

Users primarily land on such sites through Facebook ads. Researchers noted over a hundred Meta Ads related to a single fraudulent site can appear every day. To avoid automated detection systems, scammers designed the sites to target mobile users exclusively. This means that before opening the site, a check based on referrer and user-agent headers is performed, and if the site is accessed from a PC, it simply doesn’t open.

CDN and Domain Registrar

Another noteworthy detail is the domain registration location. All their domains were registered with Alibaba Cloud Computing Ltd. They also used a single CDN oss[.]eriakos[.]com. On the other hand, the www subdomains were registered under Cloudflare. This should have mixed the tracks for anyone who was about to research the scam.

How To Stay Safe

Today, we increasingly see fraudulent schemes targeting human inattention or lack of awareness. To avoid falling victim to such schemes, users should be particularly vigilant when making online purchases. I recommend refraining from buying items advertised through social media ads. Instead, consider purchasing the desired item from official stores.

If you still decide to make a purchase through marketplaces, be sure to conduct your own research and investigate the store, the seller, and the desired product. Do not rely solely on reviews directly on the current page. Instead, search for the product online. Use a URL scanner to check the online store’s address. Finally, check out our post on this topic.

Consider using anti-malware solutions as an additional preventive measure. GridinSoft Anti-Malware includes an Internet Security module that can automatically block suspicious and fake websites.

The post Eriakos Scam in Facebook Ads Targets Personal and Banking Data appeared first on Gridinsoft Blog.

Why Are Facebook Fraud Dangerous?

If the problem were negligible, it would have been written about less. Nevertheless, according to the U.S. Federal Trade Commission, more than 95,000 people have reported about $770 million in losses due to Facebook Fraud. Moreover, reports of people losing money due to Facebook attacks undertaken on social media have more than tripled in the last year.

Top Facebook Fraud You Need To Know

The most common online fraud schemes are Facebook phishing emails, loan offers, profile cloning, fake live streams, dishonest pranks, and cryptocurrency scams. More things existed earlier, and even more may peek out in future. We will now break down the most popular points in more detail about Facebook fraud.

Facebook Email Scams

You get an email that looks like it came from Facebook, but it doesn’t. It may use the Facebook logo and look like the real thing. More often than not, the email prompts you to log in to your Facebook account to read an important message or protect your account. In some cases, scammers may threaten to make you act quickly and without hesitation. For example, they may write that all of your messages will be deleted (due to your inactivity on the platform) if you don’t log in.

The link they offer you to follow leads to a website copy, that aims at grabbing the credentials you type there. This is popular and dangerous examples of Facebook attacks. However, the link in the email is malicious. Suppose you click on it and enter your information. Then scammers can send messages to your friends, post content pretending to be you, or try to use your information to access your financial accounts.

Facebook Marketplace Scams

Since so many of us use the Facebook Marketplace to make sales and purchases, there is a chance of getting caught up in Facebook scams that affect how we trade and buy things online. These can be scammers asking for extra postage, people posing as legitimate businesses, or sellers selling authentic “celebrity-signed merchandise“. Unfortunately, such scam threatens financial losses and leakage of personal information, such as credentials or your bank card data.

Facebook Dating Scams

This is one of the oldest scams associated with scammers who pose as love interests. These fake romantics are people you’ve never heard of before. They pretend to have experienced a traumatic breakup or use flattery to woo you. This scam is designed to play on your emotions. However, it always ends the same way – in the end, they ask you to send money. If you give in to their pleas, you’ll end up without money.

Facebook Lottery Scam

Lottery scams are often carried out using accounts or pages impersonating someone a person might know in real life. Scammers can also pretend to be an organization, a government agency, or Facebook administration. The fraudulent messages claim that the recipients have been selected as one of three fake lottery winners. This Facebook email spam acts as a phishing scam. That is, the goal is to extract sensitive information. With the help of social engineering, scammers can repeatedly extort money from the victim. They will claim it is a “commission,” which cannot be deducted from the prize for some complicated legal reason. In addition to the financial cost, the victim may give their personal information to the scammers, leading to even more unpleasant consequences.

Facebook Messenger Scams

Whether it’s a friend or a stranger who sent you this message, you might panic when someone leaves you a message like “Oh my God, look what they’re saying about you” and click on the link to find out what’s going on. Again, it’s about letting your curiosity take over and making your inquisitive nature say, “I want to know” But don’t click! A vague message makes you suspicious, and clicking on it can download malware onto your computer or phone.

Links may lead to exploit sites that aim at tracking your location and, if possible, delivering malicious software.

Facebook Messenger – Fake Messages From Friends

Please be skeptical if you receive a friend request from someone with whom you already have in your Facebook friends. Fraudsters clone the person’s entire Facebook profile, creating a fake one. From your “friend’s” page, the hacker may send a link to a get-rich-quick scheme or an excellent quote, which you would ignore from an anonymous email but not from a trusted friend. The consequences are similar to the previous case.

Facebook Fraud Marketplace – Car Scams

This scam involves scammers trying to scam people who want to buy a car through the marketplace. The con is that the scammer puts the price of the car much lower than its actual value. The scammer also claims to have arranged a deal with eBay Services in advance, so the buyer sends the money, and the car is shipped in at least three days. Next, the buyer has five days to inspect the vehicle before “service” transferring money to the seller. However, after the money is sent, the seller disappears, and obviously, no car arrives for the victim.

Another kind of this scam means scammers list the same items at different prices from multiple fake Facebook accounts. Usually, their prices are much lower than comparable prices. This is done to entice the victim. But once the victim negotiates the price and pays them, the goods never arrive. Many of these accounts previously belonged to legitimate users who stopped using Facebook without realizing that someone else had access to their account or was hacked and sold on Darknet after the hack.

Facebook Ad Scams

Another tried-and-true tactic is to play on money savers. Hackers offer victims these bargains, for example, through fake apps promising deals. Unfortunately, the app is a Trojan horse. When users install it on their devices to get coupons or discounts, they only get malware.

Scammer List on Facebook

This list was probably created by victims who had suffered at the hands of these scammers. Most likely, it was supplemented in the process and consisted of scammers or dubious traders, or services

The post Facebook Fraud: Other Dangerous Facebook Scams appeared first on Gridinsoft Blog.

According to the U.S. Federal Trade Commission, hundreds of millions of dollars are lost annually due to social media scams. Knowing the most common scams and taking the appropriate steps to avoid them is how you can prevent them on Facebook.

Most Common Facebook Scams Today

Fraudsters develop new ways and methods to make an attack and remain unseen. Such threats are often the users’ login credentials and financial data. Here is a list of the most common Facebook attacks on the social network.

Phishing Scams, Facebook Email Scams

Facebook Phishing emails are increasingly used in Facebook fraudulent attacks, and Facebook users are exposed to such attacks as well. Such letters will include a link and wording that tells you to go to Facebook. The link will take you to a website that looks like Facebook but is fake. Sometimes, websites will tell you that you’ve gotten your account hacked. Other times, they will ask you to verify your login information. There are many of the most dangerous types of phishing attacks that are carried out using various technologies.

One way that sites are trying to get you now is to email you a link to reset your Facebook account, saying that it has been shut down for security reasons. Cybercriminals want you to give them private information using fake websites or apps. The reason can be anything, but their goal is always the same. When you fall for a phishing scam, criminals have all the information they need to mess up your social media account.

Shopping Facebook Scams

Facebook is a platform where many companies and organizations work; they put their data and do business. Most organizations promote their products there and look for potential customers through various advertising posts, messages, and others. This is another one of the great examples of Facebook attacks to watch out for! Fraudsters, in this case, are no exception; they can also attract the audience to buy a particular product. As a result, the user can believe the banner and pay for the offered thing but never get it.

Bogus Job Facebook Scams

Announcing good online work is always tempting. But it should be understood that such offers can be fake and do not carry profound implications. So before agreeing to such an offer, ensure the legitimacy of the organization that makes such an announcement. Because if you take this job, the first thing you’ll be asked about is your address, your insurance number, a copy of the paperwork, and other important data. In this case, you risk compromising your privacy.

Charity Scams

Fraudsters always try to influence the user’s emotional state. The charity case is no exception. Scammers create fake charity profiles that post photos of outsiders who need immediate help and make money from donations. On this basis, be careful before you make a transaction; explore the organization that does this. Helping the sick or the elderly is good, but address the money to the ones who need it.

How to Avoid Facebook Scams

Below, we will guide you to protect yourself from Facebook fraud. With these tips, you can reduce the risk of fraudulent threats to you and your data.

1. Lock down your Facebook privacy settings

Make sure your privacy is well protected. For example, you can hide pictures and videos from third-party users who are not your friends. To do so, make the following changes in Settings:

1. Launch the Facebook app.
2. In the upper right corner of the screen, tap on the down arrow (on iPhone) or hamburger menu (on Android).
3. Select Settings & Privacy from the menu.
4. On iPhone, choose Privacy Checkup. On Android, tap Settings to open another page where Privacy Checkup is. After that, Facebook will walk you through the most common privacy settings and recommend each option.

2. Enable two-factor authentication

Two-factor authentication is a good way to log in to your account more securely. It supposes you should enter the one-time code you receive on your phone number, aside from your login and password, when logging in. You will receive this code as a text message or through the application. To do this, follow the instructions below:

1. Launch Facebook on your computer or app.
2. In the upper right corner of the screen, tap on the down arrow.
3. Select Settings & Privacy > Settings > Security & Login.
4. At the bottom of the page, find the Two-Factor Authentication and tap Edit.

3. Decline a friend request from anyone you don’t know

Please take it as a habit not to accept all requests as friends. You don’t need extra friends if you are not blogging or interested in publicity. Communicate only with those you know. It’s an excellent way to protect yourself from many phishing attempts.

4. Ignore messages asking for personal information or money

If you have received a letter asking for financial assistance from a stranger, it is better to ignore this. If this character is on your friend list, then better call him and find out if he needs it. Such requests via Facebook are more of a scam than a serious request for help.

5. Don’t click on suspicious links

Avoid clicking on links or attachments no matter what message you receive. Open them only if you know for sure that these are messages from the user you really know. If you do not know how to verify the legitimacy of the sender, then follow these instructions:

1. Launch Facebook on your computer or app.
2. In the upper right corner of the screen, tap on the down arrow.
3. Select Settings & Privacy > Settings > Security & Login.
4. At the bottom of the page, find Advanced and tap Recent Emails from Facebook.

6. Check your login history regularly

Keep an eye on where your account is logged in from. This will help you to detect and remove unwanted sessions. It may also be an indicator of compromised account security.

1. Launch Facebook on your computer or app.
2. In the upper right corner of the screen, tap on the down arrow.
3. Select Settings & Privacy > Settings > Security & Login.
4. At the bottom of the page, find Where You’re Logged In and review it for accuracy. Delete any suspicious logins.

7. Use a strong password

Using the same password for several accounts is undesirable. Therefore, create a strong and unique password that will not be easy to decrypt. To do this, use combinations with different letters and characters. The most specific passwords are easiest to crack with various password dictionaries and brute force tools.

8. Search regularly for accounts in your name

At that moment, too, you should remember and look for profiles with such a name on the network from time to time. Because fraudsters often use cloning accounts to appear like legitimate users. If you find such a counterpart, inform Facebook support about such a profile. To do this, tap on the three dots on a person’s profile and choose to Find Support or Report Profile. That is especially important when you are a public person, and someone may be interested in stealing your identity.

The post Top Facebook Scams 2024: How to Avoid Them appeared first on Gridinsoft Blog.

What is Facebook Job Scam?

Facebook fake job scam is a new trick in the vast toolkit of scammers who operate in this social media. Its essence is to trick users with offers of remote-home positions but ultimately steal their data and banking credentials. Researchers have warned of “ongoing attacks against multiple brands” that use Facebook ads to trick victims. The scams go so far as to send what appear to be legitimate work contracts to victims. However, instead of the promised work, victims receive stolen information and, in some cases, money.

In general, such scams have always existed in one form or another. We could create a whole section if we collected all the Facebook scams documented in our blog. However, this fraud has more mass scale and negative consequences. Even in the most innocuous outcome, the victim provides the scammers with confidential information, namely photos of documents. In the worst case, the victim is taken for the full ride – compromised accounts, infected devices, and stolen money.

How Do Facebook Job Scams Work?

The scammers advertise fake job openings in Facebook group chats, encouraging victims to private message them. The scammers then pose as Qualys recruiters offering work-at-home jobs. These job scam texts often occur in group chats, soliciting users to message the scammer who posts the job opening privately. Work-at-home jobs have always been a fishbowl for scammers, mainly because of the pandemic. As more people lose or quit their jobs, scammers exploit the situation by targeting job seekers. They know some people are desperate to make money and use this to lure in new professionals not used to working from home.

Once the scammers have established a connection with the victim, they ask the victim to install a third-party messenger, Go Chat or Signal, to continue communicating there. Next, the scammers ask for additional information so that the victim can sign an “official contract”. Since this contract contains Qualys logos, correct corporate addresses, and signature lines, it seems convincing. Next, the scammers ask the victim to send a copy of a state-issued ID of all sides. Finally, crooks ask the victim to cash a check for the software purchase for a new computer that will supposedly be delivered to them by their new employer.

Qualys Response

The company confirmed the increasing attacks on popular brands offering remote work. “In several cases, the scammer appears to have compromised legitimate Facebook users and then targeted their direct connections.” – they said. It stated that it does not publish vacancies on social media. Qualys also clarified that it publishes job postings exclusively on its official website and other reputable job sites. The company also gave some advice for those looking for jobs online.

Job scams are indeed a constant online security issue, one that’s currently on the rise, according to the US Better Business Bureau (BBB). Online ads and phishing campaigns are popular conduits for job scammers. They use social engineering to bait people into responding and steal their data, online credentials, or money. Without an appropriate response from companies, scams can also have a negative reputational impact on those whose brands are used in the scam.

Safety Recommendations

To avoid becoming a victim of such scams, you need to be able to recognize it at the initial stage. I have gathered the most valuable recommendations both from the company itself and from personal experience:

• Look for vacancies in special sections on official company websites. To avoid potential scams, verifying job offers by contacting the company directly via their official website instead of social media channels is essential.
• Don’t fall for tempting offers. Suppose someone offers you suspiciously favorable conditions or a salary above the market. In that case, it is a good reason to think twice. Adopt the mindset: If it’s too good to be true, it probably is.
• Never install anything at the request of strangers. You don’t need to download an app to apply for any job. Genuine recruiters will contact you through phone or email or arrange a multimedia interview at their own expense. They have the necessary tools, so you don’t need to worry.
• Don’t pay in advance. Let’s take a closer look at this point. Self-respecting organizations will not charge you a fee to hire you. Often, after the first interview, if the employer is interested in you, they will contact you again for a more detailed talk. They may also offer an internship or a trial period. But no one will take money from you for “installing software” or stuff – those expenses are always accounted for in the cost of a hire operation. On the other hand, scammers often ask for upfront payment for equipment/software/training/etc as a prerequisite. This is a definite sign of a scam. Never accept a check and cash it digitally from an unknown virtual or digital source. Always go to the bank and treat any such check with high suspicion.

If you suspect you are talking to a scammer, sever all communication immediately. Trusting your instincts and not engaging with the scammer any further is essential. At the same time, keeping a record of all previous interactions, including emails, messages, and phone numbers, is crucial. This documentation could be handy in potential investigations or to alert others about the scam. Next, change passwords and monitor bank accounts for unusual activity to protect your personal and financial data. Finally, report the scam to relevant authorities and alert your personal/professional network to prevent similar incidents.

The post What are Facebook Job Scams and How to Avoid Them? appeared first on Gridinsoft Blog.

What is the Top Maine Lobster Scam?

Top Maine Lobster scam is a new fraud scheme that targets seafood enthusiasts’ fondness, specifically Maine lobsters, as it comes from its name. They have been airing deceptive advertisements on Facebook, promising heavy bargains on frozen Maine lobsters and colossal Alaskan king crab legs. However, this is a trap, leading unsuspecting victims to a fraudulent online shop called Topmainelobster[.]com. According to the reaction on social media, numerous individuals have fallen victim to this scam. They share their stories on Facebook about placing orders and never receiving the promised products.

In addition, the investigation has revealed that at least two Facebook pages are using the name “Top Maine lobster,” and both are scams. Both pages have NO posts, but they share the same profile picture. The transparency of these pages says the pages are very young, lacking the historical data and credibility expected from legitimate businesses. Thus, the scammers behind this operation attempt to deceive and confuse potential victims with multiple iterations of their fraudulent pages.

Methods of Propagation

Scammers have been actively running ads on Facebook, luring potential customers with what appear to be unbeatable deals on frozen sea products. They claim to sell Maine lobsters and Giant Alaskan king crab legs for a meager price. The fan page, “Top Maine Lobster,” mentioned above, is the centerpiece of this scam. If something seems too good to be true, it is.

The latest trend shows a massive flooding of Meta Inc. social media sites with fraudulent ads. Although this problem has been present for a very long time, and Meta Inc. claims that it is fighting this problem, we see the opposite result. For example, Instagram is overflowing with ads for sites that sell useful products at 30-70% discounts. In most cases, these are the lowest-quality copies from Aliexpress/Taobao/TEMU. However, there have also been cases when the victim received a box with garbage inside. The ability to advertise products on social networks was initially conceived as an opportunity for young, little-known artisans to promote their products. But now, it has become a noun that, by default, is associated with scams.

Why Is Top Maine Lobster a Scam?

According to ScamAdviser, an anti-scam website, Topmainelobster[.]com has a Trustscore rating of just 1 out of 100. Such a miserable rating is a clear indicator of the website’s fraudulent nature. It signifies a lack of trustworthiness, suggesting that customers should steer clear of this online platform to avoid becoming victims of this lobster scam. Further examination reveals that the website was registered on October 25, 2023.

This newfound status raises suspicions, as legitimate and trustworthy online businesses tend to have a more extended history and established online presence. The age of this website aligns with the behavior of many fraudulent online platforms. These one-day sites often appear suddenly and vanish just as swiftly, leaving customers without their purchases or refunds.

How to avoid shopping scams?

Unfortunately, this is not an isolated case of such a scam but rather a trend. The only thing that distinguishes this fraud from others is its scale. We recommend that you thoroughly research a website before you buy anything from it. You can do your research, read independent reviews, and check the rating of the site using special services. You can also use our link scanner. This will allow you to find out some information about the site that will help you decide whether you should buy from it or not. As for Topmainelobster[.]com, this is not the first such scam, and it won’t be the last. However, knowing the signs of a scam will help you recognize it. Forewarned is forearmed.

The post Top Maine Lobster Scam on Facebook appeared first on Gridinsoft Blog.

AI Scam in Facebook Ads

The use of social media for cybercrime, in general, is nothing new. However, to maintain effectiveness, sometimes fraudsters have to adjust their tactics and adapt to current trends. Another “innovation” from cybercriminals was discovered by CheckPoint Research (CPR) experts. According to their report, fraudsters are using Facebook as a platform for their dirty deeds. Since the hottest topics are AI-related, scammers are using them as bait. Such pages often contain mentions of ChatGPT, Google Bard, or Midjourney. For the best effect, scammers heavily embellish their “services”. For example, some pages have names like Bard New, Bard Chat, and G-Bard AI, and some are not shy to name themselves GPT-5.

Obviously, many people fall for it. The main reason is that real services are unavailable in some countries, so many people can’t distinguish fakes from real ones. Moreover, the abundant number of discussions, comments, and likes make users believe in the genuinity of these posts. However, in the end, naive users are tricked into downloading and installing malware. In turn, this malware steals valuable information from the victim’s computer. This includes online passwords (banking, social networks, games, etc.), crypto wallets, and any information stored in the browser.

How does it happen?

I already mentioned that hackers create Facebook groups on AI-related topics. To look legitimate and attractive, they fill it with different content – mostly legit at this point. Next, users and algorithms come into play. As unsuspecting folks comment and like the content, Facebook promotes it into recommendations and user feeds. As a result of this manipulation, fraudulent pages can have more than two million followers, which is also compelling. Though all these pages have one thing in common – they all link to a site that offers “additional functionality”. Some links promote an application, some – a password-protected archive under the guise of necessary files for the engine, or have just one button, “Get started”. However, each option will bring malware to your PC instead of the promised one.

Fake AI Groups on Facebook Spread Infostealers

Info stealers are the primary infection that spreads through this scheme. These malicious programs aim to collect sensitive and personal data from infected devices. They scan the infected system for valuable information such as logins, passwords, bank card details, social accounts, and other sensitive information. Next, the info stealer starts secretly collecting data and transmits it to the attackers over the internet. Crooks use the data collected by info stealers for financial scams, identity theft, blackmail, or selling on the dark web.

Security Recommendations

Unfortunately, genuine artificial intelligence services cannot always influence fraudulent schemes. Therefore, it is essential that users educate themselves, recognize the risks, and remain vigilant against such schemes. Since phishing is the basis of such cyber attacks, the attackers’ main goal is to convince the victim that they are legitimate. Here are some of the ways to detect a phishing attack:

• Download software from trusted sources. Since Facebook groups are not trusted sources (even if they appear to be), we do not recommend downloading software for your computer from it. Instead, we recommend using the app or the company’s official website.
• Ignore Display Names. You should avoid falling victim to phishing scams and focus on verifying the sender’s email or web address. Phishing sites and emails can manipulate display names to appear legitimate, but checking the source is the best way to ensure authenticity and trustworthiness.
• Verify the Domain. It is common for crooks to utilize domains with slight misspellings or those that appear to be credible. It is essential to be cautious of these misspellings as they can be a sign of phishing attempts.
• Use reliable antimalware software. In addition to the above recommendations, having additional protection is a good idea. Even if you miss a link, an anti-malware solution will neutralize the threat before deployment.

The post Fake Ads on Facebook Promote Scam AI Services appeared first on Gridinsoft Blog.

What is Ducktail Malware?

Ducktail is malware built on .NET Core that predominantly targets individuals and employees who may have access to a Facebook Business account. The Ducktail campaign is believed to have been active since 2018. However, the author became actively involved in developing and distributing malware related to the DUCKTAIL operation in the second half of 2021. The chain of evidence suggests that the attacker’s motives are driven by financial considerations and that the cybercriminal behind the campaign hails from Vietnam.

As mentioned at the outset, the primary targets of this stealer were individuals who hold senior positions in clothing, footwear, and cosmetics companies, as well as employees involved in digital marketing, digital media, and human resources. However, the author is believed to have recently updated the malware, expanding its capabilities. The new version of Ducktail is written in PHP. Now it targets users with any level of access to Facebook Business accounts.

How does it work?

The Ducktail malware is specifically designed to extract browser cookies and use social media sessions. In this way, the attacker obtains sensitive information from the victim’s social media accounts and over Social Media Business accounts respectively. The scammers then use the access to place advertisements for financial gain. We will now look at this process in more detail.

Delivery

To infect a target device, attackers use time-tested social engineering. I have repeatedly mentioned that the weakest link in any defense is the human factor, so this tactic will always be relevant. First, scammers place a malicious file on popular cloud storage. They typically use Google Drive, OneDrive, Mega, MediaFire, Discord, Trello, iCloud, and Dropbox. Next, they trick the victim into downloading and opening the malicious file. To do this, hackers contact the victim via social networks, and send a link to the archive. To make it look more legitimate, they pick a name like “Project Information And Salary Details At AVALON ORGANICS.zip”. Consequently, no suspicion is raised by the victim.

Inside the archive, there may be some thematic images (e.g., images of cosmetics, if it is a cosmetics company) and PDF or PDF document files. In reality, however, these are executable files disguised as documents, as can be seen by checking the file extension. These files are actual payloads – .NET assemblies that carry both executable sections and DLLs in it.

Info Stealing

Once launched, Ducktail scans web browsers, mainly Google Chrome, Mozilla Firefox, Microsoft Edge, and Brave Browser. The malware extracts all stored cookies as well as access tokens. It is also interested in information such as name, user ID, email address, and date of birth from the victim’s Facebook account. The malware scans registry data in HKLM\SOFTWARE\WOW6432Node\Clients\StartMenuInternet to get each installed browser’s name, path, and icon path.

Hacking process

Ducktail uses the victim’s social media session cookie and other security credentials obtained. This allows it to interact directly with other social media endpoints from the victim’s computer, extracting information from the victim’s social media account. In addition, the malware checks for two-factor authentication and, if positive, tries to obtain recovery codes. It can also steal access tokens, IP addresses, and user agents, data from commercial and advertising accounts connected to the victim’s personal account. This allows attackers to hijack these accounts and add their email addresses to gain admin and financial editor access.

While the former is self-explanatory, administrator rights give complete control over the Facebook Business account. Financial editor rights allow the change of credit card information and financial details of the business, such as transactions, bills, account charges, and payment methods. Because Ducktail accesses this information by sending requests from the victim’s computer, he impersonates a legitimate user and his session. This is achieved by masking its activity behind the victim’s IP address, cookie values, and system configuration. In addition to the data obtained, the malware attempts to get data from the Facebook Business page the following information:

• Payment initiated
• Payment required
• Verification Status
• Owner ad accounts
• Amount spent
• Currency details
• Account status
• Ads Payment cycle
• Funding source
• Payment method [ credit card, debit card, etc.]
• Paypal Payment method [email address]
• Owned pages.

Exfiltration

As C&C server, Ducktail uses Telegram messenger as a channel. Fraudsters use Telegram.Bot client library makes it easy to upload a file to a chat with a Telegram bot. Finally, the malware runs an infinite loop in the background, establishing a continuous exfiltration process.

How to protect yourself?

Ducktail is a narrowly targeted information thief that can have severe financial losses and identity theft. Its authors constantly make changes and improve delivery mechanisms and approaches to steal sensitive user information. However, the following tips can help you keep the chances of infection to a minimum:

• Only download applications from trusted sources. Please avoid URLs that may be used to spread malware, like Torrent or Warez.
• Use strong passwords and remember to update them regularly.
• Enable multi-factor authentication whenever possible.
• Use reliable antivirus and internet security software on all your devices, such as your PC, laptop, and workplace PC.
• Avoid opening links and email attachments unless you can verify their authenticity.
• Keep an eye on the network beacon to prevent data exfiltration by malware or TAs.
• Consider enabling Data Loss Prevention (DLP) solutions on your employees’ systems.

Ducktail IoCs

MD5:691ca596a4bc5f3e77494239fb614093
MD5:618072b66529c1a3d8826b2185048790
MD5:b4125e56a96e71086467f0938dd6a606

SHA1:20f53032749037caa91d4b15030c2f763e66c14e
SHA1:936139fc7f302e3895f6aea0052864a6cb130c59
SHA1:e692a626c6236332bd659abbd4b1479b860bf84a

SHA256:f024e7b619d3d6e5759e9375ad50798eb64d1d4601f22027f51289d32f6dc0ca
SHA256:2650e6160606af57bd0598c393042f60c65e453f91cde5ecc3d0040a4d91214d
SHA256:385600d3fa3b108249273ca5fe77ca4872dee7d26ce8b46fe955047f164888e7

The post Ducktail Infostealer Malware Targeting Facebook Business Accounts appeared first on Gridinsoft Blog.

Fake ChatGPT Plugin Spreads via Chrome Web Store

Chrome Web Store serves as a default place to get add-ons to your browser. This, however, creates a menace of flooding this service with malicious or just junky extensions. Filtering them out, as practice shows, is not an easy task. In some cases, malicious plugins manage to score 100,000+ downloads before being wiped from a store. Still, most of them are not immediately dangerous, as their functionality resembles adware or browser hijackers.

Fake ChatGPT plugin used the worst breaches present in Web Store, as well as in Google Ads. To promote the plugin, crooks who stand behind it purchased the sponsored advertising in Google Search results. It all ended up with victims seeing a link to install a malicious ChatGPT plugin on top of a search query. Being published in the Store on February 14, 2023, it started to bloom only a month later, after the mentioned advertising appeared. By March 22, Google managed to remove the plugin from the Web Store and toggle the advertisements down. However, over 2 million people already managed to install that malware – so it is a clue for understanding the scale of possible problems.

Malicious ChatGPT add-on hijacks Facebook accounts

Key thing that made this plugin so bad is the fact that it was aiming to hijack Facebook accounts. Even though it proceeds with giving your what it promised, the crime happens right after the plugin installation. That was done via collecting the cookies, which browser plugins have access to if the user gives corresponding permission. The exact plugin was offering “quick access to GPT chat”, thus it is not clear whether it may need user cookies. Still, that barely bothers people who want to get ChatGPT access in one click.

Cookies in web browsers act as a form of temporary info storage, which is needed for websites to remember the user’s choices, nickname, and other trivia details. Some websites store session tokens within cookies – and Facebook is among them. The risk here is that a third party can relatively easily parse these cookies and retrieve the session token. This, in turn, gives them full access to your account – and they will likely use it immediately. That is dictated by a usual session tokens expiration time – less than 24 hours. Seeing that your account sent numerous spam messages to your friends and posted scam offers or even extremist propaganda is at least embarrassing.

How to avoid malicious browser plugins?

It may be difficult to distinguish fraud at a glance, especially when Google promotes it to you. First and foremost, keep track of official announcements. If an organisation or company never claims to know about browser plugins or any other add-on, it will be a bad idea to trust the one you find online. Even seeing a huge number of downloads does not mean it is safe and legit – at least because the counter may be artificially boosted.

Controlling the permissions you give to add-ons is another possible remedy. Yet it also does not guarantee that the plugin will not misuse that privilege. For that reason, the best option is to use anti-malware software. A program that will detect malicious software by its behavior, regardless of its form, is an essential thing these days. Try out GridinSoft Anti-Malware – it works perfectly in protection against unusual threats, including browser plugins.

The post Malicious ChatGPT Add-On Hijack Facebook Accounts appeared first on Gridinsoft Blog.

A report from Hootsuite, a social media management platform, states that Facebook Marketplace has over one billion monthly active users worldwide. Additionally, the service reaches 562 million people through ads. One of the reasons this service has risen in popularity is that it doesn’t require any payments to list items for sale or take out newspaper ads. Instead, it connects buyers and sellers for free.

But like any other platform, there are various fraudulent frauds. This article will provide you with a guide to some types of scams on Facebook Marketplace.

Identifying Facebook Marketplace Scams

Facebook recognizes the possibility of fraud on its platform. However, how can you differentiate between a scammer on Facebook Marketplace?

It’s important to be aware of scams that can happen when buying or selling on the Marketplace, according to Facebook’s help section.

He warned people to avoid quick responses and immediate payments. He also recommended waiting at least 12 hours before replying to any offers. Most buyers will ask for additional information about the item for sale. They typically want to see the item in person before paying. Often, sellers may offer the product at too high a price, or they may arrange the offer urgently. Please don’t rush to make these decisions until you’re sure it’s a legitimate company.

Facebook Marketplace Scams

You can get scammed as both seller and buyer on Facebook Marketplace. Buyer fraud occurs when someone tries to buy or trade an item without paying. In seller fraud, someone offers something to sell but doesn’t deliver as promised. Potential Facebook Marketplace scams spotted by Facebook and security experts include these 9 tactics.

1. Send the Item Before Payment Is Received

A buyer can create a fake receipt claiming they’ve paid for merchandise and request the item be sent immediately. Alternatively, a buyer shouldn’t ask the seller to pay in advance.

Because Marketplace sells merchandise via a third party, it would be better to use an accepted payment method when buying items. This includes PayPal and Facebook Marketplace. If paying with PayPal, don’t state that you are paying the seller as a friend or family member. Doing this will invalidate your Paypal protection and might even cause them to lose their funds.

2. A Deal Too Good to Be True

Did you see a listing for the latest popular Nike shoes, for example, at 1/10 of the retail price? The shoes probably are counterfeit, if the goods will be shipped at least.

Ask to see multiple photos of the shoes, a live video, or even an original sales receipt before agreeing to buy. Again, pay with PayPal or another method that protects in case they are counterfeit.

3. Immediate Interest

The “Buyer” wants you to text to arrange for immediate pickup. They will attempt to get your phone number. At this point, scammers can quickly register a Google Voice number, triggering a verification code to be sent to your phone. Scammers will ask you to send a code to confirm you’re real.

What is this scam? I’m selling something on Facebook marketplace, and then this lady wants me to share a Google voice SMS validation. Is she trying to log into *my* Google voice number? pic.twitter.com/ik95KvqyeX

— Scott Hanselman (@shanselman) July 29, 2021

In fact, this code unlocks your Google Voice number for crooks, so then they will use it for more frauds. Since these numbers are trusted, other scams’ efficiency will gradually increase.

4. A Fake Rental Property

The advertised home may be exactly what you’re looking for, but don’t make a deposit until you or someone you trust has had a chance to look at the home to make sure it’s just as advertised – and available. Scammers advertise properties that aren’t even rented out, collect money, and disappear.

SCAM ALERT Victim contacted suspect via Facebook regarding apt rental..Victim met up with suspect &

Victim 1 gave $550
Victim 2 gave $1,100
Victim 3 gave $1,050
3 different victims, SAME SCAM! Protect yourself! pic.twitter.com/PXfh7Y1NHW

— NYPD 48th Precinct (@NYPD48Pct) January 29, 2018

5. Bait and Switch

This is a classic bait with a single product advertisement followed by a replacement. For example, you are interested in some product, but the seller says it is no longer available. Then it offers you a more expensive product that is available. Here you need not be afraid to refuse such an offer, as it is most likely a fraudulent scheme.

6. Overpayment

In this case, the buyer and seller agree on the price, for example, 30 dollars. But the scoundrel pays 50 and tells the seller that he accidentally overpaid and asks for $20 back. It’s not a problem until the bank catches up with you. Since the buyer pays 50 instead of 30, then asks the bank to cancel the entire transaction and tells you that he accidentally overpaid. So he gets $20 from you, receives a chargeback, and disappears with both.

7. Giveaways

Offers about getting something cheap in a giveaway are probably a phishing scheme. When you see the list of the latest discounts – it is ok. But when there is no discount but an offer to share your details by the link in the lot description – that should be a red flag. Such lots often lead you to a third-party site, which will ask for your details – the data needed to participate in that “giveaway”. As you can guess, those sites are no good, and you will receive nothing. Meanwhile, crooks will freely manage the data you’ve kindly provided for free.

Ensuring a Secure Facebook Marketplace Experience: A Guide to Reporting Scams

In the age of online transactions, ensuring the security of your transactions on platforms like Facebook Marketplace is crucial. You might find yourself wondering, “How can I trust the Marketplace on Facebook?” Given the prevalence of scams and fraudulent activities, it’s a valid concern.

Fortunately, Facebook has implemented measures to make it easy for users to report suspected fraud and maintain a safe online marketplace. If you’ve fallen victim to a scam, it’s essential to take immediate action. Facebook provides a straightforward process to report scams on the Facebook Marketplace, and doing so promptly can help protect both yourself and others in the community.

Steps to Report a Facebook Marketplace Scam:

1. Document the Details: Before reporting a scam, gather all relevant information. Take screenshots of the conversation, listing details, and any other evidence that can support your case. The more detailed your documentation, the better equipped Facebook will be to address the issue.
2. Visit the Reporting Page: Access the official reporting page dedicated to Marketplace scams. This page will guide you through the reporting process and provide specific options related to fraudulent activities.
3. Select the Relevant Category: Facebook offers various categories for reporting different types of issues. Choose the category that best describes the scam you encountered. This ensures that your report reaches the appropriate department for faster resolution.
4. Provide Detailed Information: Fill out the report form with accurate and detailed information. Be specific about the nature of the scam, the user involved, and any supporting evidence you have collected. Clear and concise information expedites the review process.
5. Submit the Report: Once you’ve completed the form, review the information to ensure its accuracy. Click the submit button to officially report the scam to Facebook. After submission, Facebook’s team will investigate the matter.

Contributing to a Safer Community:

It’s not just about protecting yourself; it’s also about safeguarding the entire Facebook Marketplace community. If you come across someone attempting to defraud others, consider it your responsibility to report them. By doing so, you contribute to a safer and more trustworthy online environment for both buyers and sellers.

Remember, vigilance and timely reporting are key components of a secure online experience. Stay informed, stay cautious, and actively participate in maintaining the integrity of the Facebook Marketplace.

By following these steps and encouraging others to do the same, we can collectively create a marketplace that thrives on trust and transparency.

The post 7 Facebook Marketplace Scams to Watch Out appeared first on Gridinsoft Blog.

“The Internet and the world cannot wait on platforms to do the right thing, especially when so much depends on it. This partnership seeks to lead the way in providing new and critical ways of illuminating the reality of the internet, led by the people who make it. This partnership comes at a time when the consequences of fragmented awareness have never been more stark,” Ted Han, Rally Product Lead at Mozilla shared with the public.

Mozilla Firefox collaborated with journalists to study the mechanisms of Facebook pixels` work

In 2021 Mozilla released Rally, a Firefox extension that performs a key function in studies and researchers initiated through and completed with collaboration of Mozilla. Before the Markup, browser maker had already collaborated with Princeton University’s Center for Information Technology Policy on information and disinformation concerning politics and COVID-19 throughout online services. And they still have ongoing collective work with the Stanford University Graduate School of Business on information intake and the effect of ads.

The Markup research this time also will use the records supplied through extension. Rally lets customers who, of course, want to do that to volunteer their very own surfing conduct records contributing in such manner to studies. Markup and Mozilla have intentions to unveil the scheme on how the Facebook pixel-powered ads community works and likely get solutions to the subsequent questions: How vast is Facebook’s monitoring community? What different methods does Facebook enable to trace people? What sort of records does the Facebook pixel collect? What can this records disclose about people? Which sites partake in collection of these records? Researchers under Facebook Pixel Hunt study add that company may gather information about you even if you don`t have an account. And everything is possible via the specific Facebook`s pixel network

Facebook won`t let you just come near it

Facebook is well-known for its stubbornness in opposition to any third parties’ projects to dig into the machine of its platform. It canceled, close down and blocked several tasks, amongst them: NYU’s AdObserver researchers’ accounts, CrowdTangle, ProPublica’s Ad Transparency tools. The company even changed its very own code to stave off the Markup’s investigation with Citizen Browser from amassing persons` records. The Facebook Pixel Hunt study will run on until July 13, 2022.

The Facebook pixel is a snippet of JavaScript code that masses a small library of features that advertisers can use to trace via Facebook ads-pushed visitor activity on their internet sites. The mechanism makes use of Facebook cookies, which lets in advertisers to connect internet site traffic to customers corresponding Facebook User accounts. In such a way they can rate clients behavior within the Facebook Ads Manager.

The post The Facebook Pixel Hunt appeared first on Gridinsoft Blog.